Car-hacking gets real

Many new cars can be turned on and off with a tap of a smartphone. Others can apply the brakes while a driver is distracted, park themselves and maintain safe distances from surrounding vehicles. But with their increasing reliance on electronic controls, cars open themselves up to malicious manipulation.

Responding to the growing potential of unauthorised car “hacks”, the National Highway Traffic Safety Administration (NHTSA), an agency under the US government’s Department of Transportation, recently convened the Electronics Systems Safety Research Division.

In a US Senate hearing last month, the agency's administrator David Strickland said that as electronic systems overtake mechanical ones, new challenges are presented, “primarily in the areas of system reliability and cyber-security – the latter growing more critical as vehicles are increasingly more connected to a wide variety of products."

His administration is trying to get out ahead of potential attackers, as well as address other electronics safety concerns. In his testimony to the Senate, Strickland said future electronics attacks could travel via internet connections, USB ports and mobile networks.

Tapping into the future

As researchers from the University of California San Diego and Washington University proved in 2010, hacking a car's electronics system is not only possible, but in some cases quite easy. The scientists successfully tapped into a car's electronic control module (ECM), which interfaces with most of a car's dynamic systems, including engine, transmission, traction controls and braking systems. By doing so, they were able to tinker with combustion rates and even completely disable the engine. Further tests showed that they could render brakes useless, even while the car was running at 40mph, as well as keep a car running when it was turned off. Their testing culminated with a full system shutdown: the horn at full wail, doors locked, automatic-unlock buttons disabled and engine shut off.

NHTSA's concern is that hackers could wreak similar havoc over wireless connections. "Whether the entry point into the vehicle is the internet, aftermarket devices, USB ports or mobile phones, these new portals bring new challenges," Strickland said in his remarks.

So-called vehicle-to-vehicle (V2V) and vehicle-to-grid (V2G) communication technologies, as well as the advent of semi-autonomous vehicles, present additional layers of intrigue. NHTSA is currently testing self-driving cars and recently established standards for a car's level of automation. As vehicles take over more decision-making processes and communicate with each other, the administration is trying to set standards for how these communications occur.

NHTSA can compel automakers to follow standards only under certain conditions, and it is unclear whether its efforts would stifle innovation or have any measurable effect on automakers’ product strategies. The contradictory impulses in the debate are most clear in states like Nevada, California and Florida, which permit self-driving vehicles, yet in a policy statement released last month, NHTSA said it did not recommend “that states permit operation of self-driving vehicles for purposes other than testing."

There is consensus, however, around how to safeguard against potential hacks of increasingly networked passenger cars. Automakers must acknowledge the potential threats to their vehicles – and those vehicles’ purchasers – and move to safeguard their systems. Meanwhile, the government must ensure these protections are put in place. But with NHTSA only setting up its electronics division to focus on those issues in the past weeks, a lack of urgency may be the greatest immediate threat to drivers.